SUSE CVE-2017-0889
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...
GHSA-PHMW-PV3F-VVX7 Moderate severity vulnerability that affects paperclip
Withdrawn, accidental duplicate publish. The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrat...
Paperclip ruby gem suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter and Paperclip::HttpUrlProxyAdapter class.
Paperclip gem provides multiple ways a file can be uploaded to a web server. The vulnerability affects two of Paperclip's IO adapters that accept URLs as attachment data, UriAdapter and HttpUrlProxyAdapter. When these adapters are used, Paperclip acts as a proxy and downloads the file from the...
thoughtbot Paperclip ruby gem server-side request forgery vulnerability
The thoughtbot Paperclip ruby gem is an open source Ruby-based file attachment manager from thoughtbot, USA. A server-side request forgery vulnerability exists in the Paperclip::UriAdapter class in the thoughtbot Paperclip ruby gem 3.1.4 and later versions. An attacker can exploit this...
CVE-2017-0889
Paperclip ruby gem version 3.1.4 and later suffers from a Server-Side Request Forgery (SSRF) vulnerability in the Paperclip::UriAdapter class. Attackers may be able to access information about internal network resources...
GHSA-6JVM-3J5H-79F6 paperclip Cross-site Scripting vulnerability
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrated by image/jpeg...
paperclip Cross-site Scripting vulnerability
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrated by image/jpeg...
RubyGems Paperclip Excessive Logging Content Spoofing Vulnerability
RubyGems Paperclip is a plugin for extending ActiveRecord ORM model and providing simple file attachment functionality. A content spoofing vulnerability exists in RubyGems Paperclip versions 4.2.2 through 4.3.5. An attacker can exploit this vulnerability to spoof content...
Cross site scripting
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrated by image/jpeg...
CVE-2015-2963
The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider the content-type value during media-type validation, which allows remote attackers to upload HTML documents and conduct cross-site scripting XSS attacks via a spoofed value, as demonstrated by image/jpeg...
CVE-2015-2963
CVE-2015-2963 affects the thoughtbot Paperclip gem for Ruby before 4.2.2. The vulnerability arises because media-type validation does not consider the content-type, allowing remote attackers to upload HTML documents and trigger cross-site scripting (XSS) via spoofed values (e.g., image/jpeg). Impact...
Paperclip Gem for Ruby vulnerable to content type spoofing
There is an issue where if an HTML file is uploaded with a .html extension, but the content type is listed as being image/jpeg, this will bypass a validation checking for images. But it will also pass the spoof check, because a file named .html and containing actual HTML passes the spoof check...